-1

MY GOAL: once the button is pressed then it cannot be pressed again. It should give an error or some sort of message like (when button is pressed first time to mark attendance and someone again press it)

" attendance is already marked you cannot mark your attendance again "

 <?php 
 session_start();

 ?>
 <form method="post">
 <button name="attendence" >mark attendence  </button>
 </form>


<?php

if (isset($_POST['attendence'])){
    $id =$_SESSION["id"];
    $con = mysqli_connect('localhost','root','','yo');
    $query = "INSERT INTO attendance (present,absent, datetime, std_id) VALUES ('present','',current_timestamp(), $id ) ";
    $rs=mysqli_query($con,$query);

    if($rs){
        echo "Marked as Present";
    }
    else {
        echo "marked as Absent";
    }
    
}
TylerH
  • 20,799
  • 66
  • 75
  • 101
Saleem Ayoub
  • 1
  • 3
  • 1
    Your information will be in the database. If attendance was marked, then doing a query to check if it was marked should return a row. If a row is returned, reject the submission and show your message. You could also not render the form at all when you detect it was already marked. – El_Vanja May 10 '21 at 19:47
  • @El_Vanja can you be more Specific on Code rather then on Theory please. if you show me the code or even the Idea by code .. i will be very grateful to you. it will help me a lot to understand scenario. Thanks – Saleem Ayoub May 10 '21 at 19:54
  • 2
    Well, do you know how to write a SELECT query? That should be your first step – ADyson May 10 '21 at 19:56
  • @ADyson SELECT * FROM `attendance` WHERE date=CURRENT_DATE and std_id=(currently login student) and marked_status='marked' ..... do i have to perform this query to check if Marked_Status is 'Marked ' then it should give error when a student again press a button – Saleem Ayoub May 10 '21 at 20:31
  • Yes that looks like it would probably work...if that returns a row then show an error. If it doesn't, continue with the INSERT query. – ADyson May 10 '21 at 20:49
  • 1
    P.s. separately, this code `{ echo "Marked as Present"; } else { echo "marked as Absent"; }` makes no logical sense. If $rs is false it simply means no row was inserted, it does not mean the person was marked as absent. In fact your code only allows them to be marked as present. You have no ability to mark someone absent, at the moment. Are you planning to add that later? Also you don't need separate database columns for present and absent. A single "status" column which can accept either present or absent as values would be a better design. – ADyson May 10 '21 at 20:51
  • 1
    Your SQL query is vulnerable to code injection, please take a look to https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ClassicOcean May 10 '21 at 21:03
  • @ADyson thanks for help. i have updated the code and Now it Runs as i wanted it to run. please check the Code if it needs any changes . – Saleem Ayoub May 12 '21 at 13:03
  • Ok but please don't update the question with the solution code! Now the answers make no sense to other readers! Remember these questions will be read by people in future searching for solutions to similar issues, it's not just purely for you. You've already accepted an answer. If you think that doesn't explain the solution sufficiently, then add your own separate Answer and change that to be the accepted answer instead. – ADyson May 12 '21 at 13:52
  • I've rolled back your question to the previous version so it makes sense again. If you want to retrieve the code you posted, so you can make it into an answer instead, you can find it here: https://stackoverflow.com/posts/67476734/revisions – ADyson May 12 '21 at 13:53

2 Answers2

0

You have to search in database if the student is already mark as present by this code:

$id =$_SESSION["id"];
$query = "SELECT * FROM attendance WHERE std_id = '$id' ) ";
$result=mysqli_query($con,$query);
while ($row = mysqli_fetch_assoc($result)) { 
    if ($row['present'] == 'present') {
        echo' Student already marked as present';
    }
    else {
        echo'
        <form method="post">
             <button name="attendence" >mark attendence  </button>
        </form>';
    }
}
Stefino76
  • 369
  • 4
  • 10
  • 1
    Your SQL query is vulnerable to code injection, please take a look to https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ClassicOcean May 10 '21 at 21:20
  • 1
    The value of $id is a $_SESSION value and not an $_GET or $_POST value. PDO is ever the best solution but in this case is very difficult create an code injection because there isn't possibility to assign external value to $id variable – Stefino76 May 10 '21 at 21:31
0

first: to search in the database if the student is already marked/present. if he/she is present echo "write something ".

Then: insert query to mark present

<?php

if (isset($_POST['attendence'])){
    $id =$_SESSION["id"];
    $con = mysqli_connect('localhost','root','','yo');
    

    $mark_query = "SELECT * FROM `attendance` WHERE date=CURRENT_DATE and std_id=$id ";

    $result = mysqli_query($con, $mark_query);
    $row = mysqli_fetch_assoc($result);
        
    if ($row['present']=='present') {
        echo "Student already marked ".$row['present'];
    }
        
    else{
        $query = "INSERT INTO attendance (present,absent, datetime, std_id,date,marked_status) VALUES ('present','',current_timestamp(), $id, current_timestamp(),'marked' ) ";
        $rs=mysqli_query($con,$query);

        if($rs){
            echo "Marked as Present";
        }
            

    }
    
}   
?>
TylerH
  • 20,799
  • 66
  • 75
  • 101
Saleem Ayoub
  • 1
  • 3